Module: Verikloak::MiddlewareErrorMapping Private

Included in:

Middleware

Defined in:

lib/verikloak/middleware.rb

Overview

This module is part of a private API. You should avoid using this module if possible, as it may be removed or be changed in the future.

Internal helper mixin that encapsulates error-to-HTTP mapping logic used by Middleware. By extracting this mapping into a separate module, the middleware class remains shorter and easier to reason about.

This module does not depend on Rack internals; it only interprets Verikloak error objects and their ‘code` attributes.

Constant Summary

AUTH_ERROR_CODES =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Set of token/client-side error codes that should map to **401 Unauthorized**.

Returns:

• (Array<String>)

%w[
  invalid_token expired_token not_yet_valid invalid_issuer invalid_audience
  invalid_signature unsupported_algorithm missing_authorization_header invalid_authorization_header
].freeze

INFRA_ERROR_CODES =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Set of middleware/infrastructure error codes that should map to **503 Service Unavailable**.

Returns:

• (Array<String>)

%w[jwks_fetch_failed jwks_cache_miss].freeze

Instance Method Summary

• #auth_error?(code) ⇒ Boolean private

  True if the error belongs to AUTH_ERROR_CODES.

• #dependency_error_tuple(error) ⇒ Array(String, Integer)^? private

  Maps dependency-layer errors to a pair of ‘[code, http_status]`.

• #fallback_tuple(error, code) ⇒ Array(String, Integer) private

  Final mapping fallback when no other rule has handled the error.

• #forbidden?(code) ⇒ Boolean private

  True if the error should be treated as a 403 Forbidden.

• #infra_error_tuple(error, code) ⇒ Array(String, Integer)^? private

  Maps middleware infrastructure errors to a pair of ‘[code, http_status]`.

Instance Method Details

#auth_error?(code) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns true if the error belongs to AUTH_ERROR_CODES.

Parameters:

• code (String, nil)

Returns:

• (Boolean) —

  true if the error belongs to AUTH_ERROR_CODES

# File 'lib/verikloak/middleware.rb', line 36

def auth_error?(code)
  code && AUTH_ERROR_CODES.include?(code)
end

#dependency_error_tuple(error) ⇒ Array(String, Integer)^?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Maps dependency-layer errors to a pair of ‘[code, http_status]`.

Parameters:

• error (Exception)

Returns:

• (Array(String, Integer), nil) —

  two-element tuple or nil when not applicable

# File 'lib/verikloak/middleware.rb', line 44

def dependency_error_tuple(error)
  if error.is_a?(Verikloak::DiscoveryError)
    [error.code || 'discovery_error', 503]
  elsif error.is_a?(Verikloak::JwksCacheError)
    [error.code || 'jwks_error', 503]
  end
end

#fallback_tuple(error, code) ⇒ Array(String, Integer)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Final mapping fallback when no other rule has handled the error.

Parameters:

• error (Exception)
• code (String, nil)

Returns:

• (Array(String, Integer)) —

  two-element tuple

# File 'lib/verikloak/middleware.rb', line 68

def fallback_tuple(error, code)
  case error
  when Verikloak::TokenDecoderError
    ['invalid_token', 401]
  when Verikloak::MiddlewareError
    [code || 'invalid_token', 401]
  else
    ['internal_server_error', 500]
  end
end

#forbidden?(code) ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns true if the error should be treated as a 403 Forbidden.

Parameters:

• code (String, nil) —

  short error code

Returns:

• (Boolean) —

  true if the error should be treated as a 403 Forbidden

# File 'lib/verikloak/middleware.rb', line 30

def forbidden?(code)
  code == 'forbidden'
end

#infra_error_tuple(error, code) ⇒ Array(String, Integer)^?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Maps middleware infrastructure errors to a pair of ‘[code, http_status]`.

Parameters:

• error (Exception)
• code (String, nil)

Returns:

• (Array(String, Integer), nil)

# File 'lib/verikloak/middleware.rb', line 57

def infra_error_tuple(error, code)
  return unless error.is_a?(Verikloak::MiddlewareError) && code && INFRA_ERROR_CODES.include?(code)

  [code, 503]
end